$group->add(new Form_Input('pppoe_resetdate', null, 'text', $pconfig['pppoe_resetdate'], ['placeholder' => 'mm/dd/yyyy']))->setHelp('Specific date');
$group->setHelp('Leaving the date field empty will cause the reset to be executed each day at the time you specified in the minutes and hour fields. ');
$section->add($group);
$group = new Form_Group('Reset frequency');
$group->addClass('pppoe-reset-cron');
$group->add(new Form_Checkbox('pppoe_pr_preset_val', null, 'Monthly (0 0 1 * *)', $pconfig['pppoe_monthly'], 'monthly'))->displayAsRadio();
$group->add(new Form_Checkbox('pppoe_pr_preset_val', null, 'Weekly (0 0 * * 0)', $pconfig['pppoe_weekly'], 'weekly'))->displayAsRadio();
$group->add(new Form_Checkbox('pppoe_pr_preset_val', null, 'Daily (0 0 * * *)', $pconfig['pppoe_daily'], 'daily'))->displayAsRadio();
$group->add(new Form_Checkbox('pppoe_pr_preset_val', null, 'Hourly (0 * * * *)', $pconfig['pppoe_hourly'], 'hourly'))->displayAsRadio();
$section->add($group);
$btnadvanced = new Form_Button('btnadvanced', 'Show');
$btnadvanced->removeClass('btn-primary')->addClass('btn-default btn-sm');
$section->addInput(new Form_StaticText('Advanced options', $btnadvanced));
$form->add($section);
$section = new Form_Section('Advanced Configuration');
$section->addClass('sec-advanced');
// This will allow the section to be hidden/shown by calling e.g.: hideClass('advanced', true);
$section->addInput(new Form_Checkbox('ondemand', 'Dial On Demand', 'Enable Dial-on-Demand mode. ', $pconfig['ondemand']))->setHelp('Causes the interface to operate in dial-on-demand mode. Do NOT enable if you want your link to be always up. ' . 'The interface is configured, but the actual connection of the link is delayed until qualifying outgoing traffic is detected.');
$section->addInput(new Form_Input('idletimeout', 'Idle Timeout', 'text', $pconfig['idletimeout']))->setHelp('If no incoming or outgoing packets are transmitted for the entered number of seconds the connection is brought down.' . 'When the idle timeout occurs, if the dial-on-demand option is enabled, mpd goes back into dial-on-demand mode. ' . 'Otherwise, the interface is brought down and all associated routes removed.');
$section->addInput(new Form_Checkbox('vjcomp', 'Compression', 'Disable vjcomp (compression, auto-negotiated by default).', $pconfig['vjcomp']))->setHelp('Disable vjcomp(compression) (auto-negotiated by default).' . '<br />' . 'This option enables Van Jacobson TCP header compression, which saves several bytes per TCP data packet.' . 'This option is almost always required. Compression is not effective for TCP connections with enabled modern extensions like time ' . 'stamping or SACK, which modify TCP options between sequential packets.');
$section->addInput(new Form_Checkbox('tcpmssfix', 'TCPmssFix', 'Disable tcpmssfix (enabled by default).', $pconfig['tcpmssfix']))->setHelp('Causes mpd to adjust incoming and outgoing TCP SYN segments so that the requested maximum segment size is not greater than the amount ' . 'allowed by the interface MTU. This is necessary in many setups to avoid problems caused by routers that drop ICMP Datagram Too Big messages. Without these messages, ' . 'the originating machine sends data, it passes the rogue router then hits a machine that has an MTU that is not big enough for the data. Because the IP Don\'t Fragment option is set, ' . 'this machine sends an ICMP Datagram Too Big message back to the originator and drops the packet. The rogue router drops the ICMP message and the originator never ' . 'gets to discover that it must reduce the fragment size or drop the IP Don\'t Fragment option from its outgoing data.');
$section->addInput(new Form_Checkbox('shortseq', 'ShortSeq', 'Disable shortseq (auto-negotiated by default).', $pconfig['shortseq']))->setHelp('This option is only meaningful if multi-link PPP is negotiated. It proscribes shorter multi-link fragment headers, saving two bytes on every frame. ' . 'It is not necessary to disable this for connections that are not multi-link.');
$section->addInput(new Form_Checkbox('acfcomp', 'ACFComp', 'Disable ACF compression (auto-negotiated by default)', $pconfig['acfcomp']))->setHelp('Address and control field compression. This option only applies to asynchronous link types. It saves two bytes per frame.');
$section->addInput(new Form_Checkbox('protocomp', 'ProtoComp', 'Disable Protocol compression (auto-negotiated by default)', $pconfig['protocomp']))->setHelp('Protocol field compression. This option saves one byte per frame for most frames.');
// Display the Link parameters. We will hide this by default, then un-hide the selected ones on clicking 'Advanced'
$j = 0;
foreach ($linklist['list'] as $ifnm => $nm) {
$group = new Form_Group('Link Parameters (' . $ifnm . ')');
$group->add(new Form_Input('bandwidth' . $j, null, 'text', $pconfig['bandwidth'][$j]))->setHelp('Bandwidth');
$group->add(new Form_Input('mtu' . $j, null, 'text', $pconfig['mtu'][$j]))->setHelp('MTU');
$group->add(new Form_Input('mru' . $j, null, 'text', $pconfig['mru'][$j]))->setHelp('MRU');
} else {
$group->setHelp('Specify the destination port or port range for this rule. ' . 'You can leave the "To" field empty if you only want to filter a ' . 'single port.');
}
$group->addClass($type == 'src' ? 'srcprtr' : 'dstprtr');
$section->add($group);
$form->add($section);
}
$section = new Form_Section('Extra options');
$section->addInput(new Form_Checkbox('log', 'Log', 'Log packets that are handled by this rule', $pconfig['log']))->setHelp('Hint: the firewall has limited local log space. Don\'t turn on logging ' . 'for everything. If you want to do a lot of logging, consider using a remote ' . 'syslog server (see the <a href="diag_logs_settings.php">Diagnostics: System logs: ' . 'Settings</a> page).');
$section->addInput(new Form_Input('descr', 'Description', 'text', $pconfig['descr']))->setHelp('You may enter a description here for your reference.');
$btnadvanced = new Form_Button('toggle-advanced', 'Advanced options');
$btnadvanced->removeClass('btn-primary')->addClass('btn-info');
$section->addInput(new Form_StaticText(null, $btnadvanced));
$form->add($section);
$section = new Form_Section('Advanced options');
$section->addClass('advanced-options');
$section->addInput(new Form_Select('os', 'Source OS', empty($pconfig['os']) ? '' : $pconfig['os'], ['' => 'Any'] + array_combine($ostypes, $ostypes)))->setHelp('Note: this only works for TCP rules. General OS choice matches all subtypes.');
$section->addInput(new Form_Select('dscp', 'Diffserv Code Point', $pconfig['dscp'], ["" => ''] + array_combine($firewall_rules_dscp_types, $firewall_rules_dscp_types)));
$section->addInput(new Form_Checkbox('allowopts', 'Allow IP options', 'Allow packets with IP options to pass. Otherwise they are blocked by ' . 'default. This is usually only seen with multicast traffic.', $pconfig['allowopts']));
$section->addInput(new Form_Checkbox('disablereplyto', 'Disable reply-to', 'Disable auto generated reply-to for this rule.', $pconfig['disablereplyto']));
$section->addInput(new Form_Input('tag', 'Tag', 'text', $pconfig['tag']))->setHelp('You can mark a packet matching this rule and use this mark to match ' . 'on other NAT/filter rules. It is called <b>Policy filtering</b>.');
$section->addInput(new Form_Input('tagged', 'Tagged', 'text', $pconfig['tagged']))->setHelp('You can match packet on a mark placed before on another rule.');
$section->addInput(new Form_Input('max', 'Max. states', 'number', $pconfig['max']))->setHelp('Maximum state entries this rule can create.');
$section->addInput(new Form_Input('max-src-nodes', 'Max. src nodes', 'number', $pconfig['max-src-nodes']))->setHelp('Maximum number of unique source hosts.');
$section->addInput(new Form_Input('max-src-conn', 'Max. connections', 'number', $pconfig['max-src-conn']))->setHelp('Maximum number of established connections per host (TCP only).');
$section->addInput(new Form_Input('max-src-states', 'Max. src. states', 'number', $pconfig['max-src-states']))->setHelp('Maximum state entries per host.');
$section->addInput(new Form_Input('max-src-conn-rate', 'Max. src. conn. Rate', 'number', $pconfig['max-src-conn-rate']))->setHelp('Maximum state entries per host');
$section->addInput(new Form_Input('max-src-conn-rates', 'Max. src. conn. Rates', 'number', $pconfig['max-src-conn-rates'], ['min' => 1, 'max' => 255]))->setHelp('Maximum new connections per host / per second(s) (TCP only)');
$section->addInput(new Form_Input('statetimeout', 'State timeout', 'number', $pconfig['statetimeout'], ['min' => 1, 'max' => 3600]))->setHelp('State Timeout in seconds (TCP only)');
$section->addInput(new Form_StaticText('TCP Flags', build_flag_table()))->setHelp('Use this to choose TCP flags that must be set or cleared for this rule to match.');
$section->addInput(new Form_Checkbox('nopfsync', 'No pfSync', 'Prevent states created by this rule to be sync\'ed over pfsync.', $pconfig['nopfsync']));
}
$section->addInput(new Form_Button('addrow', 'Add'))->removeClass('btn-primary')->addClass('btn-success');
$form->add($section);
$section = new Form_Section('External Signing Request');
$section->addClass('toggle-external collapse');
$section->addInput(new Form_Select('csr_keylen', 'Key length', $pconfig['csr_keylen'], array_combine($cert_keylens, $cert_keylens)));
$section->addInput(new Form_Select('csr_digest_alg', 'Digest Algorithm', $pconfig['csr_digest_alg'], array_combine($openssl_digest_algs, $openssl_digest_algs)))->setHelp('NOTE: It is recommended to use an algorithm stronger than ' . 'SHA1 when possible');
$section->addInput(new Form_Select('csr_dn_country', 'Country Code', $pconfig['dn_country'], $dn_cc));
$section->addInput(new Form_Input('csr_dn_state', 'State or Province', 'text', $pconfig['csr_dn_state'], ['placeholder' => 'e.g. Texas']));
$section->addInput(new Form_Input('csr_dn_city', 'City', 'text', $pconfig['csr_dn_city'], ['placeholder' => 'e.g. Austin']));
$section->addInput(new Form_Input('csr_dn_organization', 'Organization', 'text', $pconfig['csr_dn_organization'], ['placeholder' => 'e.g. My Company Inc.']));
$section->addInput(new Form_Input('csr_dn_email', 'Email Address', 'email', $pconfig['csr_dn_email'], ['placeholder' => 'e.g. admin@mycompany.com']));
$section->addInput(new Form_Input('csr_dn_commonname', 'Common Name', 'text', $pconfig['csr_dn_commonname'], ['placeholder' => 'e.g. internal-ca']));
$form->add($section);
$section = new Form_Section('Choose an Existing Certificate');
$section->addClass('toggle-existing collapse');
$existCerts = array();
foreach ($config['cert'] as $cert) {
if (is_array($config['system']['user'][$userid]['cert'])) {
// Could be MIA!
if (isset($userid) && in_array($cert['refid'], $config['system']['user'][$userid]['cert'])) {
continue;
}
}
$ca = lookup_ca($cert['caref']);
if ($ca) {
$cert['descr'] .= " (CA: {$ca['descr']})";
}
if (cert_in_use($cert['refid'])) {
$cert['descr'] .= " <i>In Use</i>";
}
// ==== Effective privileges section ======================================
if (isset($pconfig['uid'])) {
// We are going to build an HTML table and add it to an Input_StaticText. It may be ugly, but it
// is the best way to make the display we need.
$section = new Form_Section('Effective Privileges');
$section->addInput(new Form_StaticText(null, build_priv_table()));
$form->add($section);
// ==== Certificate table section =====================================
$section = new Form_Section('User certificates');
$section->addInput(new Form_StaticText(null, build_cert_table()));
$form->add($section);
}
// ==== Add user certificate for a new user
if (is_array($config['ca']) && count($config['ca']) > 0) {
$section = new Form_Section('Create certificate for user');
$section->addClass('cert-options');
$nonPrvCas = array();
foreach ($config['ca'] as $ca) {
if (!$ca['prv']) {
continue;
}
$nonPrvCas[$ca['refid']] = $ca['descr'];
}
if (!empty($nonPrvCas)) {
$section->addInput(new Form_Input('name', 'Descriptive name', 'text', $pconfig['name']));
$section->addInput(new Form_Select('caref', 'Certificate authority', null, $nonPrvCas));
$section->addInput(new Form_Select('keylen', 'Key length', 2048, array(512 => '512 bits', 1024 => '1024 bits', 2048 => '2049 bits', 4096 => '4096 bits')));
$section->addInput(new Form_Input('lifetime', 'Lifetime', 'number', $pconfig['lifetime']));
}
$form->add($section);
}
$form->addGlobal(new Form_Input('refid', null, 'hidden', $pconfig['refid']));
}
$section = new Form_Section('Create / Edit CA');
$section->addInput(new Form_Input('descr', 'Descriptive name', 'text', $pconfig['descr']));
if (!isset($id) || $act == "edit") {
$section->addInput(new Form_Select('method', 'Method', $pconfig['method'], $ca_methods))->toggles();
}
$form->add($section);
$section = new Form_Section('Existing Certificate Authority');
$section->addClass('toggle-existing collapse');
$section->addInput(new Form_Textarea('cert', 'Certificate data', $pconfig['cert']))->setHelp('Paste a certificate in X.509 PEM format here.');
$section->addInput(new Form_Textarea('key', 'Certificate Private Key (optional)', $pconfig['key']))->setHelp('Paste the private key for the above certificate here. This is ' . 'optional in most cases, but is required when generating a ' . 'Certificate Revocation List (CRL).');
$section->addInput(new Form_Input('serial', 'Serial for next certificate', 'number', $pconfig['serial']))->setHelp('Enter a decimal number to be used as the serial number for the next ' . 'certificate to be created using this CA.');
$form->add($section);
$section = new Form_Section('Internal Certificate Authority');
$section->addClass('toggle-internal', 'toggle-intermediate', 'collapse');
$allCas = array();
foreach ($a_ca as $ca) {
if (!$ca['prv']) {
continue;
}
$allCas[$ca['refid']] = $ca['descr'];
}
$group = new Form_Group('Signing Certificate Authority');
$group->addClass('toggle-intermediate', 'collapse');
$group->add(new Form_Select('caref', null, $pconfig['caref'], $allCas));
$section->add($group);
$section->addInput(new Form_Select('keylen', 'Key length (bits)', $pconfig['keylen'], array_combine($ca_keylens, $ca_keylens)));
$section->addInput(new Form_Select('digest_alg', 'Digest Algorithm', $pconfig['digest_alg'], array_combine($openssl_digest_algs, $openssl_digest_algs)))->setHelp('NOTE: It is recommended to use an algorithm stronger than SHA1 ' . 'when possible.');
$section->addInput(new Form_Input('lifetime', 'Lifetime (days)', 'number', $pconfig['lifetime']));
$section->addInput(new Form_Select('dn_country', 'Country Code', $pconfig['dn_country'], $dn_cc));
$section->addInput(new Form_Input('remote_networkv6', 'IPv6 Remote network(s)', 'text', $pconfig['remote_networkv6']))->setHelp('These are the IPv6 networks that will be routed through the tunnel, so that a site-to-site VPN can be established without manually ' . 'changing the routing tables. Expressed as a comma-separated list of one or more IP/PREFIX. ' . 'If this is a site-to-site VPN, enter the remote LAN/s here. May be left blank for non site-to-site VPN.');
$section->addInput(new Form_Input('maxclients', 'Concurrent connections', 'number', $pconfig['maxclients']))->setHelp('Specify the maximum number of clients allowed to concurrently connect to this server.');
$section->addInput(new Form_Select('compression', 'Compression', $pconfig['compression'], $openvpn_compression_modes))->setHelp('Compress tunnel packets using the LZO algorithm. ' . 'Adaptive compression will dynamically disable compression for a period of time if OpenVPN detects that the data in the ' . 'packets is not being compressed efficiently.');
$section->addInput(new Form_Checkbox('passtos', 'Type-of-Service', 'Set the TOS IP header value of tunnel packets to match the encapsulated packet value.', $pconfig['passtos']));
$section->addInput(new Form_Checkbox('client2client', 'Inter-client communication', 'Allow communication between clients connected to this server', $pconfig['client2client']));
$section->addInput(new Form_Checkbox('duplicate_cn', 'Duplicate Connection', 'Allow multiple concurrent connections from clients using the same Common Name.', $pconfig['duplicate_cn']))->setHelp('(This is not generally recommended, but may be needed for some scenarios.)');
$section->addInput(new Form_Checkbox('no_tun_ipv6', 'Disable IPv6', 'Don\'t forward IPv6 traffic. ', $pconfig['no_tun_ipv6']));
$form->add($section);
$section = new Form_Section('Client Settings');
$section->addClass('advanced');
$section->addInput(new Form_Checkbox('dynamic_ip', 'Dynamic IP', 'Allow connected clients to retain their connections if their IP address changes.', $pconfig['dynamic_ip']));
$section->addInput(new Form_Checkbox('pool_enable', 'Address Pool', 'Provide a virtual adapter IP address to clients (see Tunnel Network).', $pconfig['pool_enable']));
$section->addInput(new Form_Select('topology', 'Topology', $pconfig['topology'], $openvpn_topologies))->setHelp('Specifies the method used to supply a virtual adapter IP address to clients when using TUN mode on IPv4.' . '<br />' . 'Some clients may require this be set to "subnet" even for IPv6, such as OpenVPN Connect (iOS/Android). ' . 'Older versions of OpenVPN (before 2.0.9) or clients such as Yealink phones may require "net30".');
$form->add($section);
$section = new Form_Section("Advanced Client Settings");
$section->addClass("clientadv");
$section->addInput(new Form_Checkbox('dns_domain_enable', 'DNS Default Domain', 'Provide a default domain name to clients', $pconfig['dns_domain_enable']));
$section->addInput(new Form_Input('dns_domain', 'DNS Default Domain', 'text', $pconfig['dns_domain']));
$section->addInput(new Form_Checkbox('dns_server_enable', 'DNS Server enable', 'Provide a DNS server list to clients', $pconfig['dns_server_enable']));
$section->addInput(new Form_Input('dns_server1', 'DNS Server 1', 'text', $pconfig['dns_server1']));
$section->addInput(new Form_Input('dns_server2', 'DNS Server 2', 'text', $pconfig['dns_server2']));
$section->addInput(new Form_Input('dns_server3', 'DNS Server 3', 'text', $pconfig['dns_server3']));
$section->addInput(new Form_Input('dns_server4', 'DNS Server 4', 'text', $pconfig['dns_server4']));
$section->addInput(new Form_Checkbox('push_blockoutsidedns', 'Block Outside DNS', 'Make Windows 10 Clients Block access to DNS servers except across OpenVPN while connected, forcing clients to use only VPN DNS servers.', $pconfig['push_blockoutsidedns']))->setHelp('Requires Windows 10 and OpenVPN 2.3.9 or later. Only Windows 10 is prone to DNS leakage in this way, other clients will ignore the option as they are not affected.');
$section->addInput(new Form_Checkbox('push_register_dns', 'Force DNS cache update', 'Run "net stop dnscache", "net start dnscache", "ipconfig /flushdns" and "ipconfig /registerdns" on connection initiation.', $pconfig['push_register_dns']))->setHelp('This is known to kick Windows into recognizing pushed DNS servers.');
$section->addInput(new Form_Checkbox('ntp_server_enable', 'NTP Server enable', 'Provide an NTP server list to clients', $pconfig['ntp_server_enable']));
$section->addInput(new Form_Input('ntp_server1', 'NTP Server 1', 'text', $pconfig['ntp_server1']));
$section->addInput(new Form_Input('ntp_server2', 'NTP Server 2', 'text', $pconfig['ntp_server2']));
$section->addInput(new Form_Checkbox('netbios_enable', 'NetBIOS enable', 'Enable NetBIOS over TCP/IP', $pconfig['netbios_enable']))->setHelp('If this option is not set, all NetBIOS-over-TCP/IP options (including WINS) will be disabled.');
$section->addInput(new Form_Select('netbios_ntype', 'Node Type', $pconfig['netbios_ntype'], $netbios_nodetypes))->setHelp('Possible options: b-node (broadcasts), p-node (point-to-point name queries to a WINS server), ' . 'm-node (broadcast then query name server), and h-node (query name server, then broadcast)');
$section->addInput(new Form_Input('netbios_scope', 'Scope ID', 'text', $pconfig['netbios_scope']))->setHelp('A NetBIOS Scope ID provides an extended naming service for NetBIOS over TCP/IP. The NetBIOS ' . 'scope ID isolates NetBIOS traffic on a single network to only those nodes with the same ' . 'NetBIOS scope ID');
$form = new Form();
$section = new Form_Section('SNMP Daemon');
$section->addInput(new Form_Checkbox('enable', 'Enable', 'Enable the SNMP Daemon and its controls', $pconfig['enable']));
$form->add($section);
$section = new Form_Section('SNMP Daemon Settings');
$section->addInput(new Form_Input('pollport', 'Polling Port', 'text', $pconfig['pollport'] ? $pconfig['pollport'] : '161'))->setHelp('Enter the port to accept polling events on (default 161)');
$section->addInput(new Form_Input('syslocation', 'System Location', 'text', $pconfig['syslocation']));
$section->addInput(new Form_Input('syscontact', 'System Contact', 'text', $pconfig['syscontact']));
$section->addInput(new Form_Input('rocommunity', 'Read Community String', 'text', $pconfig['rocommunity']))->setHelp('The community string is like a password, restricting access to querying SNMP to hosts knowing the community string. Use a strong value here to protect from unauthorized information disclosure.');
$form->add($section);
$section = new Form_Section('SNMP Traps Enable');
$section->addInput(new Form_Checkbox('trapenable', 'Enable', 'Enable the SNMP Trap and its controls', $pconfig['trapenable']))->toggles('.toggle-traps');
$form->add($section);
$section = new Form_Section('SNMP Trap Settings');
if ($pconfig['trapenable']) {
$section->addClass('toggle-traps', 'in');
} else {
$section->addClass('toggle-traps', 'collapse');
}
$section->addInput(new Form_Input('trapserver', 'Trap server', 'text', $pconfig['trapserver']))->setHelp('Enter the trap server name');
$section->addInput(new Form_Input('trapserverport', 'Trap Server Port', 'text', $pconfig['trapserverport'] ? $pconfig['trapserverport'] : '162'))->setHelp('Enter the port to send the traps to (default 162)');
$section->addInput(new Form_Input('trapstring', 'SNMP Trap String', 'text', $pconfig['trapstring']));
$form->add($section);
$section = new Form_Section('SNMP Modules');
$group = new Form_MultiCheckboxGroup('SNMP modules');
$group->add(new Form_MultiCheckbox('mibii', null, 'MibII', $pconfig['mibii']));
$group->add(new Form_MultiCheckbox('netgraph', null, 'Netgraph', $pconfig['netgraph']));
$group->add(new Form_MultiCheckbox('pf', null, 'PF', $pconfig['pf']));
$group->add(new Form_MultiCheckbox('hostres', null, 'Host Resources', $pconfig['hostres']));
$group->add(new Form_MultiCheckbox('ucd', null, 'UCD', $pconfig['ucd']));
$group->add(new Form_MultiCheckbox('regex', null, 'Regex', $pconfig['regex']));
$edgelist = build_port_list($pconfig['ptp']);
$section->addInput(new Form_Select('ptp', 'PTP Ports', $edgelist['selected'], $edgelist['list'], true))->setHelp('Set the interface as a point-to-point link. This is required for straight transitions to forwarding and should be enabled on a direct link to another RSTP-capable switch.');
$edgelist = build_port_list($pconfig['autoptp']);
$section->addInput(new Form_Select('autoptp', 'Auto PTP Ports', $edgelist['selected'], $edgelist['list'], true))->setHelp('Automatically detect the point-to-point status on interface by checking the full duplex link status. This is the default for interfaces added to the bridge.' . '%sThe interfaces selected here will be removed from default autoedge status. %s', ['<strong>', '</strong>']);
$edgelist = build_port_list($pconfig['static']);
$section->addInput(new Form_Select('static', 'Sticky Ports', $edgelist['selected'], $edgelist['list'], true))->setHelp('Mark an interface as a "sticky" interface. Dynamically learned address entries are treated as static once entered into the cache. ' . 'Sticky entries are never aged out of the cache or replaced, even if the address is seen on a different interface.');
$edgelist = build_port_list($pconfig['private']);
$section->addInput(new Form_Select('private', 'Private Ports', $edgelist['selected'], $edgelist['list'], true))->setHelp('Mark an interface as a "private" interface. A private interface does not forward any traffic to any other port that is also a private interface. ');
// STP section
// ToDo: - Should disable spanning tree section when not checked
$section->addInput(new Form_Checkbox('enablestp', 'Enable RSTP/STP', null, $pconfig['enablestp']));
// Show the spanning tree section
$form->add($section);
$section = new Form_Section('RSTP/STP');
if ($pconfig['showadvanced']) {
$section->addClass('toggle-advanced in');
} else {
$section->addClass('toggle-advanced collapse');
}
$section->addInput(new Form_Select('proto', 'Protocol', $pconfig['proto'], array('rstp' => 'RSTP', 'stp' => 'STP')))->setHelp('Protocol used for spanning tree.');
$edgelist = build_port_list($pconfig['stp']);
$section->addInput(new Form_Select('stp', 'STP Interfaces', $edgelist['selected'], $edgelist['list'], true))->setHelp('Enable Spanning Tree Protocol on interface. The if_bridge(4) driver has support for the IEEE 802.1D Spanning Tree Protocol (STP).' . 'STP is used to detect and remove loops in a network topology.');
$section->addInput(new Form_Input('maxage', 'Valid time', 'number', $pconfig['maxage'], ['placeholder' => 20, 'min' => 6, 'max' => 40]))->setHelp('Set the time that a Spanning Tree Protocol configuration is valid. The default is 20 seconds. The minimum is 6 seconds and the maximum is 40 seconds.');
$section->addInput(new Form_Input('fwdelay', 'Forward time', 'number', $pconfig['fwdelay'], ['placeholder' => 15, 'min' => 4, 'max' => 30]))->setHelp('Set the time that must pass before an interface begins forwarding packets when Spanning Tree is enabled. The default is 15 seconds. The minimum is 4 seconds and the maximum is 30 seconds. ');
$section->addInput(new Form_Input('hellotime', 'Hello time', 'number', $pconfig['hellotime'], ['placeholder' => 2, 'min' => 1, 'max' => 2, 'step' => '0.1']))->setHelp('Set the time in seconds between broadcasting of Spanning Tree Protocol configuration messages. The hello time may only be changed when operating in legacy STP mode.' . 'The default is 2 seconds. The minimum is 1 second and the maximum is 2 seconds.');
$section->addInput(new Form_Input('priority', 'Priority', 'text', $pconfig['priority'], ['placeholder' => 32768, 'min' => 0, 'max' => 61440]))->setHelp('Set the bridge priority for Spanning Tree. The default is 32768. The minimum is 0 and the maximum is 61440. ');
$section->addInput(new Form_Input('holdcnt', 'Hold Count', 'number', $pconfig['holdcnt'], ['placeholder' => 6, 'min' => 1, 'max' => 10]))->setHelp('Set the transmit hold count for Spanning Tree. This is the number of packets transmitted before being rate limited. The default is 6. The minimum is 1 and the maximum is 10.');
foreach ($ifacelist as $ifn => $ifdescr) {
$section->addInput(new Form_Input($ifn, $ifdescr . ' Priority', 'number', $pconfig[$ifn], ['placeholder' => 128, 'min' => 0, 'max' => 240, 'step' => 16]))->setHelp('Set the Spanning Tree priority of interface to value. The default is 128. The minimum is 0 and the maximum is 240. Increments of 16.');
}
$i = 0;
foreach ($ldap_templates as $option => $template) {
$template_list[$option] = $template['desc'];
}
$section->addInput(new Form_Select('ldap_tmpltype', 'Initial Template', $pconfig['ldap_template'], $template_list));
}
$section->addInput(new Form_Input('ldap_attr_user', 'User naming attribute', 'text', $pconfig['ldap_attr_user']));
$section->addInput(new Form_Input('ldap_attr_group', 'Group naming attribute', 'text', $pconfig['ldap_attr_group']));
$section->addInput(new Form_Input('ldap_attr_member', 'Group member attribute', 'text', $pconfig['ldap_attr_member']));
$section->addInput(new Form_Checkbox('ldap_rfc2307', 'RFC 2307 Groups', 'LDAP Server uses RFC 2307 style group membership', $pconfig['ldap_rfc2307']))->setHelp('RFC 2307 style group membership has members listed on the group ' . 'object rather than using groups listed on user object. Leave unchecked ' . 'for Active Directory style group membership (RFC 2307bis).');
$section->addInput(new Form_Input('ldap_attr_groupobj', 'Group Object Class', 'text', $pconfig['ldap_attr_groupobj'], ['placeholder' => 'posixGroup']))->setHelp('Object class used for groups in RFC2307 mode. ' . 'Typically "posixGroup" or "group".');
$section->addInput(new Form_Checkbox('ldap_utf8', 'UTF8 Encode', 'UTF8 encode LDAP parameters before sending them to the server.', $pconfig['ldap_utf8']))->setHelp('Required to support international characters, but may not be ' . 'supported by every LDAP server.');
$section->addInput(new Form_Checkbox('ldap_nostrip_at', 'Username Alterations', 'Do not strip away parts of the username after the @ symbol', $pconfig['ldap_nostrip_at']))->setHelp('e.g. user@host becomes user when unchecked.');
$form->add($section);
// ==== RADIUS section ========================================================
$section = new Form_Section('RADIUS Server Settings');
$section->addClass('toggle-radius collapse');
$section->addInput(new Form_Input('radius_host', 'Hostname or IP address', 'text', $pconfig['radius_host']));
$section->addInput(new Form_Input('radius_secret', 'Shared Secret', 'text', $pconfig['radius_secret']));
$section->addInput(new Form_Select('radius_srvcs', 'Services offered', $pconfig['radius_srvcs'], $radius_srvcs));
$section->addInput(new Form_Input('radius_auth_port', 'Authentication port', 'number', $pconfig['radius_auth_port']));
$section->addInput(new Form_Input('radius_acct_port', 'Accounting port', 'number', $pconfig['radius_acct_port']));
$section->addInput(new Form_Input('radius_timeout', 'Authentication Timeout', 'number', $pconfig['radius_timeout']))->setHelp('This value controls how long, in seconds, that the RADIUS ' . 'server may take to respond to an authentication request. If left blank, the ' . 'default value is 5 seconds. NOTE: If using an interactive two-factor ' . 'authentication system, increase this timeout to account for how long it will ' . 'take the user to receive and enter a token.');
if (isset($id) && $a_server[$id]) {
$section->addInput(new Form_Input('id', null, 'hidden', $id));
}
$form->add($section);
// Create a largely empty modal to show the available containers. We will populate it via AJAX later
$modal = new Modal("LDAP containers", "containers", true);
$form->add($modal);
print $form;
?>
$section->addInput(new Form_Checkbox('enable', 'Enable', 'Enable the creation, generation and activation of rolls with vouchers', $pconfig['enable']));
$form->add($section);
$section = new Form_Section('Create, generate and activate Rolls with Vouchers');
$section->addClass('rolledit');
$section->addInput(new Form_Textarea('publickey', 'Voucher Public Key', $pconfig['publickey']))->setHelp('Paste an RSA public key (64 Bit or smaller) in PEM format here. This key is used to decrypt vouchers.');
$section->addInput(new Form_Textarea('privatekey', 'Voucher Private Key', $pconfig['privatekey']))->setHelp('Paste an RSA private key (64 Bit or smaller) in PEM format here. This key is only used to generate encrypted vouchers and doesn\'t need to be available if the vouchers have been generated offline.');
$section->addInput(new Form_Input('charset', 'Character set', 'text', $pconfig['charset']))->setHelp('Tickets are generated with the specified character set. It should contain printable characters (numbers, lower case and upper case letters) that are hard to confuse with others. Avoid e.g. 0/O and l/1.');
$section->addInput(new Form_Input('rollbits', '# of Roll bits', 'text', $pconfig['rollbits']))->setHelp('Reserves a range in each voucher to store the Roll # it belongs to. Allowed range: 1..31. Sum of Roll+Ticket+Checksum bits must be one Bit less than the RSA key size.');
$section->addInput(new Form_Input('ticketbits', '# of Ticket bits', 'text', $pconfig['ticketbits']))->setHelp('Reserves a range in each voucher to store the Ticket# it belongs to. Allowed range: 1..16. ' . 'Using 16 bits allows a roll to have up to 65535 vouchers. ' . 'A bit array, stored in RAM and in the config, is used to mark if a voucher has been used. A bit array for 65535 vouchers requires 8 KB of storage. ');
$section->addInput(new Form_Input('checksumbits', '# of Checksum bits', 'text', $pconfig['checksumbits']))->setHelp('Reserves a range in each voucher to store a simple checksum over Roll # and Ticket#. Allowed range is 0..31.');
$section->addInput(new Form_Input('magic', 'Magic number', 'text', $pconfig['magic']))->setHelp('Magic number stored in every voucher. Verified during voucher check. ' . 'Size depends on how many bits are left by Roll+Ticket+Checksum bits. If all bits are used, no magic number will be used and checked.');
$section->addInput(new Form_Input('msgnoaccess', 'Invalid voucher message', 'text', $pconfig['msgnoaccess']))->setHelp('Error message displayed for invalid vouchers on captive portal error page ($PORTAL_MESSAGE$).');
$section->addInput(new Form_Input('msgexpired', 'Expired voucher message', 'text', $pconfig['msgexpired']))->setHelp('Error message displayed for expired vouchers on captive portal error page ($PORTAL_MESSAGE$).');
$form->add($section);
$section = new Form_Section('Voucher database synchronization');
$section->addClass('rolledit');
$section->addInput(new Form_IpAddress('vouchersyncdbip', 'Synchronize Voucher Database IP', $pconfig['vouchersyncdbip']))->setHelp('IP address of master nodes webConfigurator to synchronize voucher database and used vouchers from.' . '<br />' . 'NOTE: this should be setup on the slave nodes and not the primary node!');
$section->addInput(new Form_Input('vouchersyncport', 'Voucher sync port', 'text', $pconfig['vouchersyncport']))->setHelp('The port of the master voucher node\'s webConfigurator. Example: 443 ');
$section->addInput(new Form_Input('vouchersyncusername', 'Voucher sync username', 'text', $pconfig['vouchersyncusername']))->setHelp('This is the username of the master voucher nodes webConfigurator.');
$section->addPassword(new Form_Input('vouchersyncpass', 'Voucher sync password', 'password', $pconfig['vouchersyncpass']))->setHelp('This is the password of the master voucher nodes webConfigurator.');
$section->addInput(new Form_Input('zone', null, 'hidden', $cpzone));
$section->addInput(new Form_Input('exponent', null, 'hidden', $pconfig['exponent']));
$form->add($section);
print $form;
?>
<div class="rolledit">
<?php
print_info_box(gettext('Changing any Voucher parameter (apart from managing the list of Rolls) on this page will render existing vouchers useless if they were generated with different settings. ' . 'Specifying the Voucher Database Synchronization options will not record any other value from the other options. They will be retrieved/synced from the master.'), 'info');
?>
</div>
print_input_errors($input_errors);
}
require_once 'classes/Form.class.php';
$form = new Form(new Form_Button('Submit', gettext("Save")));
$section = new Form_Section('Edit Load Balancer - Monitor entry');
$section->addInput(new Form_Input('name', 'Name', 'text', $pconfig['name']));
$section->addInput(new Form_Input('descr', 'Description', 'text', $pconfig['descr']));
$section->addInput(new Form_Select('type', 'Type', $pconfig['type'], $types));
$form->add($section);
$section = new Form_Section('HTTP Options');
$section->addClass('http');
$section->addInput(new Form_Input('http_options_path', 'Path', 'text', $pconfig['options']['path']));
$section->addInput(new Form_Input('http_options_host', 'Host', 'text', $pconfig['options']['host']))->setHelp('Hostname for Host: header if needed.');
$section->addInput(new Form_Select('http_options_code', 'HTTP Code', $pconfig['options']['code'], $rfc2616));
$form->add($section);
$section = new Form_Section('HTTPS Options');
$section->addClass('https');
$section->addInput(new Form_Input('https_options_path', 'Path', 'text', $pconfig['options']['path']));
$section->addInput(new Form_Input('https_options_host', 'Host', 'text', $pconfig['options']['host']))->setHelp('Hostname for Host: header if needed.');
$section->addInput(new Form_Select('https_options_code', 'HTTPS Code', $pconfig['options']['code'], $rfc2616));
$form->add($section);
$section = new Form_Section('Send/Expect Options');
$section->addClass('send');
$section->addInput(new Form_Input('send_options_send', 'Send', 'text', $pconfig['options']['send']));
$section->addInput(new Form_Input('send_options_expect', 'Expect', 'text', $pconfig['options']['expect']));
if (isset($id) && $a_monitor[$id]) {
$section->addInput(new Form_Input('id', null, 'hidden', $id));
}
$form->add($section);
print $form;
include "foot.inc";
$section->addInput(new Form_Select('radiussrcip_attribute', 'RADIUS NAS IP Attribute', $pconfig['radiussrcip_attribute'], build_radiusnas_list()))->setHelp('Choose the IP to use for calling station attribute.');
$section->addInput(new Form_Checkbox('radiussession_timeout', 'Session timeout', 'Use RADIUS Session-Timeout attributes', $pconfig['radiussession_timeout']))->setHelp('When enabled, clients will be disconnected after the amount of time retrieved from the RADIUS Session-Timeout attribute.');
$section->addInput(new Form_Select('radiusvendor', 'Type', $pconfig['radiusvendor'], ['default' => 'default', 'cisco' => 'cisco']))->setHelp('If RADIUS type is set to Cisco, in Access-Requests the value of Calling-Station-ID will be set to the client\'s IP address and the ' . 'Called-Station-Id to the client\'s MAC address. Default behavior is Calling-Station-Id = client\'s MAC address and ' . 'Called-Station-ID = pfSense\'s WAN IP address.');
$section->addInput(new Form_Checkbox('reverseacct', 'Accounting style', 'Invert Acct-Input-Octets and Acct-Output-Octets', $pconfig['reverseacct']))->setHelp('When enabled, data counts for RADIUS accounting packets will be taken from the client perspective, not the NAS. ' . 'Acct-Input-Octets will represent download, and Acct-Output-Octets will represent upload.');
$section->addInput(new Form_Input('radiusnasid', 'NAS Identifier', 'text', $pconfig['radiusnasid']))->setHelp('Specify a NAS identifier to override the default value (pfSense.localdomain)');
$section->addInput(new Form_Select('radmac_format', 'MAC address format', $pconfig['radmac_format'], ['default' => 'Default', 'singledash' => 'Single dash', 'ietf' => 'IETF', 'cisco' => 'Cisco', 'unformatted' => 'Unformatted']))->setHelp('This option changes the MAC address format used in the whole RADIUS system. Change this if you also need to change the username format for ' . 'RADIUS MAC authentication.' . '<br />' . 'Default: 00:11:22:33:44:55' . '<br />' . 'Single dash: 001122-334455' . '<br />' . 'IETF: 00-11-22-33-44-55' . '<br />' . 'Cisco: 0011.2233.4455' . '<br />' . 'Unformatted: 001122334455');
$form->add($section);
$section = new Form_Section('HTTPS options');
$section->addClass('HTTPS');
$section->addInput(new Form_Checkbox('httpslogin_enable', 'Login', 'Enable HTTPS login', $pconfig['httpslogin_enable']))->setHelp('When enabled, the username and password will be transmitted over an HTTPS connection to protect against eavesdroppers. ' . 'A server name and certificate must also be specified below.');
$section->addInput(new Form_Input('httpsname', 'HTTPS server name', 'text', $pconfig['httpsname']))->setHelp('This name will be used in the form action for the HTTPS POST and should match the Common Name (CN) in your certificate ' . '(otherwise, the client browser will most likely display a security warning). ' . 'Make sure captive portal clients can resolve this name in DNS and verify on the client that the IP resolves to the correct interface IP on pfSense.');
$section->addInput(new Form_Select('certref', 'SSL Certificate', $pconfig['certref'], build_cert_list()))->setHelp('If no certificates are defined, you may define one here: ' . '<a href="system_certmanager.php">System > Cert Manager</a>');
$section->addInput(new Form_Checkbox('nohttpsforwards', 'HTTPS Forwards', 'Disable HTTPS Forwards', $pconfig['nohttpsforwards']))->setHelp('If this option is set, attempts to connect to SSL/HTTPS (Port 443) sites will not be forwarded to the captive portal' . 'This prevents certificate errors from being presented to the user even if HTTPS logins are enabled. ' . 'Users must attempt a connecton to an HTTP (Port 80) site to get forwarded to the captive portal. ' . 'If HTTPS logins are enabled, the user will be redirected to the HTTPS login page.');
$form->add($section);
$section = new Form_Section('HTML page contents');
$section->addClass('HTML');
$section->addInput(new Form_Input('htmlfile', 'Portal page contents', 'file', $pconfig['htmlfile']))->setHelp('Upload an HTML/PHP file for the portal page here (leave blank to keep the current one). Make sure to include a form (POST to "$PORTAL_ACTION$") ' . 'with a submit button (name="accept") and a hidden field with name="redirurl" and value="$PORTAL_REDIRURL$". ' . 'Include the "auth_user" and "auth_pass" and/or "auth_voucher" input fields if authentication is enabled, otherwise it will always fail.' . '<br />' . 'Example code for the form:' . '<br />' . '<form method="post" action="$PORTAL_ACTION$"><br />
<input name="auth_user" type="text"><br />
<input name="auth_pass" type="password"><br />
<input name="auth_voucher" type="text"><br />
<input name="redirurl" type="hidden" value="$PORTAL_REDIRURL$"><br />
<input name="accept" type="submit" value="Continue"><br />
</form>')->addClass('btn btn-info btn-sm');
list($host) = explode(":", $_SERVER['HTTP_HOST']);
$zoneid = $pconfig['zoneid'] ? $pconfig['zoneid'] : 8000;
if ($pconfig['httpslogin_enable']) {
$port = $pconfig['listenporthttps'] ? $pconfig['listenporthttps'] : $zoneid + 8001;
$href = "https://{$host}:{$port}/?zone={$cpzone}";
} else {
$port = $pconfig['listenporthttp'] ? $pconfig['listenporthttp'] : $zoneid + 8000;
$href = "http://{$host}:{$port}/?zone={$cpzone}";
$section->add($group);
$section->addInput(new Form_Checkbox('force_down', 'Force state', 'Mark Gateway as Down', $pconfig['force_down']))->setHelp('This will force this gateway to be considered Down');
$section->addInput(new Form_Input('descr', 'Description', 'text', $pconfig['descr']))->setHelp('You may enter a description here for your reference (not parsed).');
// If any of the advanced options are non-default, we will not show the "Advanced" button
// and will display the advanced section
if (!(!empty($pconfig['latencylow']) || !empty($pconfig['latencyhigh']) || !empty($pconfig['losslow']) || !empty($pconfig['losshigh']) || !empty($pconfig['data_payload']) || isset($pconfig['weight']) && $pconfig['weight'] > 1 || isset($pconfig['interval']) && !($pconfig['interval'] == $dpinger_default['interval']) || isset($pconfig['loss_interval']) && !($pconfig['loss_interval'] == $dpinger_default['loss_interval']) || isset($pconfig['time_period']) && !($pconfig['time_period'] == $dpinger_default['time_period']) || isset($pconfig['alert_interval']) && !($pconfig['alert_interval'] == $dpinger_default['alert_interval']) || isset($pconfig['nonlocalgateway']) && $pconfig['nonlocalgateway'])) {
$btnadvanced = new Form_Button('toggle-advanced', 'Advanced options');
$advdflt = true;
$btnadvanced->toggles('.advanced-options')->setAttribute('type', 'button');
$btnadvanced->removeClass('btn-primary')->addClass('btn-default');
$section->addInput(new Form_StaticText(null, $btnadvanced));
}
$form->add($section);
$section = new Form_Section('Advanced');
if (isset($advdflt)) {
$section->addClass('collapse');
}
$section->addClass('advanced-options');
$section->addInput(new Form_Select('weight', 'Weight', $pconfig['weight'], array_combine(range(1, 30), range(1, 30))))->setHelp('Weight for this gateway when used in a Gateway Group.');
$section->addInput(new Form_Input('data_payload', 'Data Payload', 'number', $pconfig['data_payload'], ['placeholder' => $dpinger_default['data_payload']]))->setHelp('Define data payload to send on ICMP packets to gateway monitor IP.');
$group = new Form_Group('Latency thresholds');
$group->add(new Form_Input('latencylow', 'From', 'number', $pconfig['latencylow'], ['placeholder' => $dpinger_default['latencylow']]));
$group->add(new Form_Input('latencyhigh', 'To', 'number', $pconfig['latencyhigh'], ['placeholder' => $dpinger_default['latencyhigh']]));
$group->setHelp('Low and high thresholds for latency in milliseconds.
Default is %d/%d.', [$dpinger_default['latencylow'], $dpinger_default['latencyhigh']]);
$section->add($group);
$group = new Form_Group('Packet Loss thresholds');
$group->add(new Form_Input('losslow', 'From', 'number', $pconfig['losslow'], ['placeholder' => $dpinger_default['losslow']]));
$group->add(new Form_Input('losshigh', 'To', 'number', $pconfig['losshigh'], ['placeholder' => $dpinger_default['losshigh']]));
$group->setHelp('Low and high thresholds for packet loss in %%.
Default is %d/%d.', [$dpinger_default['losslow'], $dpinger_default['losshigh']]);
// Indicates the elements we are composing are part of a combined group
$savebutton = new Form_Button('submit', $savevalue);
if ($savehelp) {
$savebutton->setHelp($savehelp);
}
$form = new Form($savebutton);
$form->addGlobal(new Form_Input('xml', null, 'hidden', $xml));
/* If a package's XML has <advanced_options/> configured, then setup
* the section for the fields that have <advancedfield/> set.
* These fields will be placed below other fields in a separate area titled 'Advanced Features'.
* These advanced fields are not normally configured and generally left to default to 'default settings'.
*/
if ($pkg['advanced_options'] == "enabled") {
$advfield_count = 0;
$advanced = new Form_Section("Advanced Features");
$advanced->addClass('advancedoptions');
}
$js_array = array();
// Now loop through all of the fields defined in the XML
foreach ($pkg['fields']['field'] as $pkga) {
$action = "";
$uid = "";
if ($pkga['type'] == "sorting") {
continue;
}
// Generate a new section
if ($pkga['type'] == "listtopic") {
if (isset($pkga['advancedfield']) && isset($advfield_count)) {
$advanced->addInput(new Form_StaticText(strip_tags($pkga['name']), null));
$advfield_count++;
} else {
$section = new Form_Section('General Logging Options');
$section->addInput(new Form_Checkbox('reverse', 'Forward/Reverse Display', 'Show log entries in reverse order (newest entries on top)', $pconfig['reverse']));
$section->addInput(new Form_Input('nentries', 'GUI Log Entries', 'text', $pconfig['nentries'], ['placeholder' => '']))->setHelp('This is only the number of log entries displayed in the GUI. It does not affect how many entries are contained in the actual log files.');
$section->addInput(new Form_Input('logfilesize', 'Log file size (Bytes)', 'text', $pconfig['logfilesize'], ['placeholder' => 'Bytes']))->setHelp($logfilesizeHelp);
$section->addInput(new Form_Checkbox('logdefaultblock', 'Log firewall default blocks', 'Log packets matched from the default block rules in the ruleset', $pconfig['logdefaultblock']))->setHelp('Packets that are blocked by the implicit default block rule will not be logged if you uncheck this option. Per-rule logging options are still respected.');
$section->addInput(new Form_Checkbox('logdefaultpass', null, 'Log packets matched from the default pass rules put in the ruleset', $pconfig['logdefaultpass']))->setHelp('Packets that are allowed by the implicit default pass rule will be logged if you check this option. Per-rule logging options are still respected. ');
$section->addInput(new Form_Checkbox('logbogons', null, 'Log packets blocked by \'Block Bogon Networks\' rules', $pconfig['logbogons']));
$section->addInput(new Form_Checkbox('logprivatenets', null, 'Log packets blocked by \'Block Private Networks\' rules', $pconfig['logprivatenets']));
$section->addInput(new Form_Checkbox('loglighttpd', 'Web Server Log', 'Log errors from the web server process', $pconfig['loglighttpd']))->setHelp('If this is checked, errors from the lighttpd web server process for the GUI or Captive Portal will appear in the main system log');
$section->addInput(new Form_Checkbox('rawfilter', 'Raw Logs', 'Show raw filter logs)', $pconfig['rawfilter']))->setHelp(gettext('If this is checked, filter logs are shown as generated by the packet filter, without any formatting. This will reveal more detailed information, but it is more difficult to read'));
$section->addInput(new Form_Select('filterdescriptions', 'Where to show rule descriptions', !isset($pconfig['filterdescriptions']) ? '0' : $pconfig['filterdescriptions'], array('0' => 'Dont load descriptions', '1' => 'Display as column', '2' => 'Display as second row')))->setHelp('Show the applied rule description below or in the firewall log rows' . '<br />' . 'Displaying rule descriptions for all lines in the log might affect performance with large rule sets');
$section->addInput(new Form_Checkbox('disablelocallogging', 'Local Logging', $g['platform'] == $g['product_name'] ? "Disable writing log files to the local disk" : "Disable writing log files to the local RAM disk", $pconfig['disablelocallogging']));
$section->addInput(new Form_Button('resetlogs', 'Reset Log Files'))->addClass('btn-danger btn-xs')->setHelp('Clears all local log files and reinitializes them as empty logs. This also restarts the DHCP daemon. Use the Save button first if you have made any setting changes.');
$form->add($section);
$section = new Form_Section('Remote Logging Options');
$section->addClass('toggle-remote');
$section->addInput(new Form_Checkbox('enable', 'Enable Remote Logging', 'Send log messages to remote syslog server', $pconfig['enable']));
$section->addInput(new Form_Select('sourceip', 'Source Address', link_interface_to_bridge($pconfig['sourceip']) ? null : $pconfig['sourceip'], ["" => gettext("Default (any)")] + get_possible_traffic_source_addresses(false)))->setHelp($remoteloghelp);
$section->addInput(new Form_Select('ipproto', 'IP Protocol', $ipproto, array('ipv4' => 'IPv4', 'ipv6' => 'IPv6')))->setHelp('This option is only used when a non-default address is chosen as the source above. ' . 'This option only expresses a preference; If an IP address of the selected type is not found on the chosen interface, the other type will be tried.');
// Group collapses/appears based on 'enable' checkbox above
$group = new Form_Group('Remote log servers');
$group->addClass('remotelogging');
$group->add(new Form_Input('remoteserver', 'Server 1', 'text', $pconfig['remoteserver'], ['placeholder' => 'IP[:port]']));
$group->add(new Form_Input('remoteserver2', 'Server 2', 'text', $pconfig['remoteserver2'], ['placeholder' => 'IP[:port]']));
$group->add(new Form_Input('remoteserver3', 'Server 3', 'text', $pconfig['remoteserver3'], ['placeholder' => 'IP[:port]']));
$section->add($group);
$group = new Form_MultiCheckboxGroup('Remote Syslog Contents');
$group->addClass('remotelogging');
$group->add(new Form_MultiCheckbox('logall', null, 'Everything', $pconfig['logall']));
$group->add(new Form_MultiCheckbox('system', null, 'System Events', $pconfig['system']));
$group->add(new Form_MultiCheckbox('filter', null, 'Firewall Events', $pconfig['filter']));
foreach ($interfaces as $iface => $ifacename) {
$iflist[$iface] = $ifacename;
}
$section = new Form_Section("Configuration");
$section->addClass('toggle-l2tp-enable');
$section->addInput(new Form_Select('interface', 'Interface', $pconfig['interface'], $iflist));
$section->addInput(new Form_Input('localip', 'Server address', 'text', $pconfig['localip']))->setHelp('Enter the IP address the L2TP server should give to clients for use as their "gateway". ' . '<br />' . 'Typically this is set to an unused IP just outside of the client range.' . '<br /><br />' . 'NOTE: This should NOT be set to any IP address currently in use on this firewall.');
$section->addInput(new Form_IpAddress('remoteip', 'Remote address range', $pconfig['remoteip']))->addMask(l2tp_subnet, $pconfig['l2tp_subnet'])->setHelp('Specify the starting address for the client IP address subnet.');
$section->addInput(new Form_Select('n_l2tp_units', 'Number of L2TP users', $pconfig['n_l2tp_units'], array_combine(range(1, 255, 1), range(1, 255, 1))));
$section->addPassword(new Form_Input('secret', 'Secret', 'password', $pconfig['secret']))->setHelp('Specify optional secret shared between peers. Required on some devices/setups.');
$section->addInput(new Form_Select('paporchap', 'Authentication type', $pconfig['paporchap'], array('chap' => 'CHAP', 'chap-msv2' => 'MS-CHAPv2', 'pap' => 'PAP')))->setHelp('Specifies the protocol to use for authentication.');
$section->addInput(new Form_Input('l2tp_dns1', 'Primary L2TM DNS server', 'text', $pconfig['l2tp_dns1']));
$section->addInput(new Form_Input('l2tp_dns2', 'Secondary L2TM DNS server', 'text', $pconfig['l2tp_dns2']));
$form->add($section);
$section = new Form_Section("RADIUS");
$section->addClass('toggle-l2tp-enable');
$section->addInput(new Form_Checkbox('radiusenable', 'Enable', 'Use a RADIUS server for authentication', $pconfig['radiusenable']))->setHelp('When set, all users will be authenticated using the RADIUS server specified below. The local user database will not be used.');
$section->addInput(new Form_Checkbox('radacct_enable', 'Accounting', 'Enable RADIUS accounting', $pconfig['radacct_enable']))->setHelp('Sends accounting packets to the RADIUS server.');
$section->addInput(new Form_IpAddress('radiusserver', 'Server', $pconfig['radiusserver']))->setHelp('Enter the IP address of the RADIUS server.');
$section->addPassword(new Form_Input('radiussecret', 'Secret', 'password', $pconfig['radiussecret']))->setHelp('Enter the shared secret that will be used to authenticate to the RADIUS server.');
$section->addInput(new Form_Checkbox('radiusissueips', 'RADIUS issued IPs', 'Issue IP Addresses via RADIUS server.', $pconfig['radiusissueips']));
$form->add($section);
print $form;
print_info_box(gettext("Don't forget to add a firewall rule to permit traffic from L2TP clients!"), info);
?>
<script type="text/javascript">
//<![CDATA[
events.push(function() {
function setL2TP () {
$section->addInput(new Form_Select('engine', 'Hardware Crypto', $pconfig['engine'], openvpn_get_engines()));
$form->add($section);
$section = new Form_Section('Tunnel settings');
$section->addInput(new Form_Input('tunnel_network', 'IPv4 Tunnel Network', 'text', $pconfig['tunnel_network']))->setHelp('This is the IPv4 virtual network used for private communications between this client and the sercer ' . 'expressed using CIDR (eg. 10.0.8.0/24). The first network address will be assigned to ' . 'the client virtual interface.');
$section->addInput(new Form_Input('tunnel_networkv6', 'IPv6 Tunnel Network', 'text', $pconfig['tunnel_networkv6']))->setHelp('This is the IPv6 virtual network used for private ' . 'communications between this client and the server expressed using CIDR (eg. fe80::/64). ' . 'The first network address will be assigned to the server virtual interface.');
$section->addInput(new Form_Input('remote_network', 'IPv4 Remote network(s)', 'text', $pconfig['remote_network']))->setHelp('IPv4 networks that will be routed through the tunnel, so that a site-to-site VPN can be established without manually ' . 'changing the routing tables. Expressed as a comma-separated list of one or more CIDR ranges. ' . 'If this is a site-to-site VPN, enter the remote LAN/s here. You may leave this blank if you don\'t want a site-to-site VPN.');
$section->addInput(new Form_Input('remote_networkv6', 'IPv6 Remote network(s)', 'text', $pconfig['remote_networkv6']))->setHelp('These are the IPv6 networks that will be routed through the tunnel, so that a site-to-site VPN can be established without manually ' . 'changing the routing tables. Expressed as a comma-separated list of one or more IP/PREFIX. ' . 'If this is a site-to-site VPN, enter the remote LAN/s here. You may leave this blank if you don\'t want a site-to-site VPN.');
$section->addInput(new Form_Input('use_shaper', 'Limit outgoing bandwidth', 'number', $pconfig['use_shaper'], ['min' => 100, 'max' => 100000000, 'placeholder' => 'Between 100 and 100,000,000 bytes/sec']))->setHelp('Maximum outgoing bandwidth for this tunnel. Leave empty for no limit. The input value has to be something between 100 bytes/sec and 100 Mbytes/sec (entered as bytes per second).');
$section->addInput(new Form_Select('compression', 'Compression', $pconfig['compression'], $openvpn_compression_modes))->setHelp('Compress tunnel packets using the LZO algorithm. Adaptive compression will dynamically disable compression for a period of time if OpenVPN detects that the data in the packets is not being compressed efficiently.');
$section->addInput(new Form_checkbox('passtos', 'Type-of-Service', 'Set the TOS IP header value of tunnel packets to match the encapsulated packet value.', $pconfig['passtos']));
$section->addInput(new Form_checkbox('no_tun_ipv6', 'Disable IPv6', 'Don\'t forward IPv6 traffic. ', $pconfig['no_tun_ipv6']));
$section->addInput(new Form_checkbox('route_no_pull', 'Don\'t pull routes', 'Bars the server from adding routes to the client\'s routing table', $pconfig['route_no_pull']))->setHelp('This option still allows the server to set the TCP/IP properties of the client\'s TUN/TAP interface. ');
$section->addInput(new Form_checkbox('route_no_exec', 'Don\'t add/remove routes', 'Don\'t add or remove routes automatically', $pconfig['route_no_exec']))->setHelp('Pass routes to --route-upscript using environmental variables');
$form->add($section);
$section = new Form_Section('Advanced Configuration');
$section->addClass('advanced');
$section->addInput(new Form_TextArea('custom_options', 'Custom options', $pconfig['custom_options']))->setHelp('Enter any additional options you would like to add to the OpenVPN server configuration here, separated by semicolon' . '<br />' . 'EXAMPLE: push "route 10.0.0.0 255.255.255.0"');
$section->addInput(new Form_Select('verbosity_level', 'Verbosity level', $pconfig['verbosity_level'], $openvpn_verbosity_level))->setHelp('Each level shows all info from the previous levels. Level 3 is recommended if you want a good summary of what\'s happening without being swamped by output' . '<br /><br />' . 'None: Only fatal errors' . '<br />' . 'Default: Normal usage range' . '<br />' . '5: Output R and W characters to the console for each packet read and write, uppercase is used for TCP/UDP packets and lowercase is used for TUN/TAP packets' . '<br />' . '6: Debug info range');
$section->addInput(new Form_Input('act', null, 'hidden', $act));
if (isset($id) && $a_server[$id]) {
$section->addInput(new Form_Input('id', null, 'hidden', $id));
}
$form->add($section);
print $form;
} else {
?>
<div class="panel panel-default">
<div class="panel-heading"><h2 class="panel-title"><?php
echo gettext('OpenVPN Clients');
?>
</h2></div>
$section->addInput(new Form_Select('autoedge', 'Auto Edge Ports', $edgelist['selected'], $edgelist['list'], true))->setHelp('Allow interface to automatically detect edge status. This is the default for all interfaces added to a bridge.' . '%sThis will disable the autoedge status of interfaces. %s', ['<strong>', '</strong>']);
$edgelist = build_port_list($pconfig['ptp']);
$section->addInput(new Form_Select('ptp', 'PTP Ports', $edgelist['selected'], $edgelist['list'], true))->setHelp('Set the interface as a point-to-point link. This is required for straight transitions to forwarding and should be enabled on a direct link to another RSTP-capable switch.');
$edgelist = build_port_list($pconfig['autoptp']);
$section->addInput(new Form_Select('autoptp', 'Auto PTP Ports', $edgelist['selected'], $edgelist['list'], true))->setHelp('Automatically detect the point-to-point status on interface by checking the full duplex link status. This is the default for interfaces added to the bridge.' . '%sThe interfaces selected here will be removed from default autoedge status. %s', ['<strong>', '</strong>']);
$edgelist = build_port_list($pconfig['static']);
$section->addInput(new Form_Select('static', 'Sticky Ports', $edgelist['selected'], $edgelist['list'], true))->setHelp('Mark an interface as a "sticky" interface. Dynamically learned address entries are treated as static once entered into the cache. ' . 'Sticky entries are never aged out of the cache or replaced, even if the address is seen on a different interface.');
$edgelist = build_port_list($pconfig['private']);
$section->addInput(new Form_Select('private', 'Private Ports', $edgelist['selected'], $edgelist['list'], true))->setHelp('Mark an interface as a "private" interface. A private interface does not forward any traffic to any other port that is also a private interface. ');
// STP section
// ToDo: - Should disable spanning tree section when not checked
$section->addInput(new Form_Checkbox('enablestp', 'Enable RSTP/STP', null, $pconfig['enablestp']));
// Show the spanning tree section
$form->add($section);
$section = new Form_Section('RSTP/STP');
$section->addClass('adnlopts');
$section->addInput(new Form_Select('proto', 'Protocol', $pconfig['proto'], array('rstp' => 'RSTP', 'stp' => 'STP')))->setHelp('Protocol used for spanning tree.');
$edgelist = build_port_list($pconfig['stp']);
$section->addInput(new Form_Select('stp', 'STP Interfaces', $edgelist['selected'], $edgelist['list'], true))->setHelp('Enable Spanning Tree Protocol on interface. The if_bridge(4) driver has support for the IEEE 802.1D Spanning Tree Protocol (STP). ' . 'STP is used to detect and remove loops in a network topology.');
$section->addInput(new Form_Input('maxage', 'Valid time', 'number', $pconfig['maxage'], ['placeholder' => 20, 'min' => 6, 'max' => 40]))->setHelp('Set the time that a Spanning Tree Protocol configuration is valid. The default is 20 seconds. The minimum is 6 seconds and the maximum is 40 seconds.');
$section->addInput(new Form_Input('fwdelay', 'Forward time', 'number', $pconfig['fwdelay'], ['placeholder' => 15, 'min' => 4, 'max' => 30]))->setHelp('Set the time that must pass before an interface begins forwarding packets when Spanning Tree is enabled. The default is 15 seconds. The minimum is 4 seconds and the maximum is 30 seconds. ');
$section->addInput(new Form_Input('hellotime', 'Hello time', 'number', $pconfig['hellotime'], ['placeholder' => 2, 'min' => 1, 'max' => 2, 'step' => '0.1']))->setHelp('Set the time in seconds between broadcasting of Spanning Tree Protocol configuration messages. The hello time may only be changed when operating in legacy STP mode. ' . 'The default is 2 seconds. The minimum is 1 second and the maximum is 2 seconds.');
$section->addInput(new Form_Input('priority', 'Priority', 'number', $pconfig['priority'], ['placeholder' => 32768, 'min' => 0, 'max' => 61440]))->setHelp('Set the bridge priority for Spanning Tree. The default is 32768. The minimum is 0 and the maximum is 61440. ');
$section->addInput(new Form_Input('holdcnt', 'Hold Count', 'number', $pconfig['holdcnt'], ['placeholder' => 6, 'min' => 1, 'max' => 10]))->setHelp('Set the transmit hold count for Spanning Tree. This is the number of packets transmitted before being rate limited. The default is 6. The minimum is 1 and the maximum is 10.');
foreach ($ifacelist as $ifn => $ifdescr) {
$section->addInput(new Form_Input($ifn, $ifdescr . ' Priority', 'number', $pconfig['ifpriority'][$ifn], ['placeholder' => 128, 'min' => 0, 'max' => 240, 'step' => 16]))->setHelp('Set the Spanning Tree priority of interface to value. The default is 128. The minimum is 0 and the maximum is 240. Increments of 16.');
}
$i = 0;
foreach ($ifacelist as $ifn => $ifdescr) {
$section->addInput(new Form_Input($ifn . 0, $ifdescr . ' Path cost', 'number', $pconfig['ifpathcost'][$ifn], ['placeholder' => 0, 'min' => 1, 'max' => 200000000]))->setHelp('Set the Spanning Tree path cost of interface to value. The default is calculated from the link speed. ' . 'To change a previously selected path cost back to automatic, set the cost to 0. The minimum is 1 and the maximum is 200000000.');
$i++;
$protocols = "any TCP UDP TCP/UDP ICMP ESP AH GRE IPV6 IGMP carp pfsync";
$section->addInput(new Form_Select('protocol', 'Protocol', $pconfig['protocol'], array_combine(explode(" ", strtolower($protocols)), explode(" ", $protocols))))->setHelp('Choose which protocol this rule should match. In most cases "any" is specified.');
$group = new Form_Group('Source');
$group->add(new Form_Select('source_type', null, $pconfig['source'] == "any" || $pconfig['source'] == "(self)" ? $pconfig['source'] : "network", array('any' => gettext('Any'), '(self)' => gettext('This Firewall (self)'), 'network' => gettext('Network'))))->setHelp('Type')->setWidth('3');
$group->add(new Form_IpAddress('source', null, $pconfig['source']))->addMask('source_subnet', $pconfig['source_subnet'])->setHelp('Source network for the outbound NAT mapping.')->setPattern('[a-zA-Z0-9\\_\\.\\:]+');
$group->add(new Form_Input('sourceport', null, 'text', $pconfig['sourceport']))->setHelp('Port')->setWidth('2');
$section->add($group);
$group = new Form_Group('Destination');
$group->add(new Form_Select('destination_type', null, $pconfig['destination'] == "any" ? "any" : "network", array('any' => gettext('Any'), 'network' => gettext('Network'))))->setHelp('Type')->setWidth('3');
$group->add(new Form_IpAddress('destination', null, $pconfig['destination'] == "any" ? "" : $pconfig['destination']))->addMask('destination_subnet', $pconfig['destination_subnet'])->setHelp('Destination network for the outbound NAT mapping.')->setPattern('[a-zA-Z0-9\\_\\.\\:]+');
$group->add(new Form_Input('dstport', null, 'text', $pconfig['dstport']))->setHelp('Port')->setWidth('2');
$section->add($group);
$section->addInput(new Form_Checkbox('destination_not', null, 'Not', $pconfig['destination_not']))->setHelp('Invert the sense of the destination match.');
$form->add($section);
$section = new Form_Section('Translation');
$section->addClass('translation');
$section->addInput(new Form_Select('target', 'Address', $pconfig['target'], build_target_list()));
$section->addInput(new Form_IpAddress('targetip', 'Other subnet', $pconfig['targetip']))->addMask('targetip_subnet', $pconfig['targetip_subnet'])->addClass('othersubnet')->setHelp('Packets matching this rule will be mapped to the IP address given here.' . '<br />' . 'To apply this rule to a different IP address than the IP address of the interface chosen above, ' . 'select it here (' . '<a href="firewall_virtual_ip.php">' . gettext("Virtual IP") . '</a> ' . 'addresses need to be defined on the interface first)');
$section->addInput(new Form_Select('poolopts', 'Pool options', $pconfig['poolopts'], array('' => gettext('Default'), 'round-robin' => gettext('Round Robin'), 'round-robin sticky-address' => gettext('Round Robin with Sticky Address'), 'random' => gettext('Random'), 'random sticky-address' => gettext('Random with Sticky Address'), 'source-hash' => gettext('Source hash'), 'bitmask' => gettext('Bit mask'))))->setHelp('Only Round Robin types work with Host Aliases. Any type can be used with a Subnet.' . '<br />' . '</span><ul class="help-block">' . '<li>' . 'Round Robin: Loops through the translation addresses.' . '</li>' . '<li>' . 'Random: Selects an address from the translation address pool at random.' . '</li>' . '<li>' . 'Source Hash: Uses a hash of the source address to determine the translation address, ensuring that the redirection address is always the same for a given source.' . '</li>' . '<li>' . 'Bitmask: Applies the subnet mask and keeps the last portion identical; 10.0.1.50 -> x.x.x.50.' . '</li>' . '<li>' . 'Sticky Address: The Sticky Address option can be used with the Random and Round Robin pool types to ensure that a particular source address is always mapped to the same translation address.' . '</li>' . '</ul><span class="help-block">');
$group = new Form_Group('Port');
$group->addClass('natportgrp');
$group->add(new Form_Input('natport', null, 'text', $pconfig['natport']))->setHelp('Enter the source port or range for the outbound NAT mapping.');
$group->add(new Form_Checkbox('staticnatport', null, 'Static port', $pconfig['staticnatport']));
$section->add($group);
$form->add($section);
$section = new Form_Section('Misc');
$section->addInput(new Form_Checkbox('nosync', 'No XMLRPC Sync', null, $pconfig['nosync'], 'yes'))->setHelp('Prevents the rule on Master from automatically syncing to other CARP members. ' . 'This does NOT prevent the rule from being overwritten on Slave.');
$section->addInput(new Form_Input('descr', 'Description', 'text', $pconfig['descr']))->setHelp('A description may be entered here for administrative reference (not parsed).');
if (isset($id) && $a_out[$id]) {
$section->addInput(new Form_Input('id', null, 'hidden', $id));
}
$group = new Form_MultiCheckboxGroup('cron based reset');
$group->addClass('pppoepreset');
$group->add(new Form_MultiCheckbox('pppoe_pr_preset_val', null, 'Reset at each month ("0 0 1 * *")', $pconfig['pppoe_monthly'], 'monthly'))->displayAsRadio();
$group->add(new Form_MultiCheckbox('pppoe_pr_preset_val', null, 'Reset at each week ("0 0 * * 0")', $pconfig['pppoe_weekly'], 'weekly'))->displayAsRadio();
$group->add(new Form_MultiCheckbox('pppoe_pr_preset_val', null, 'Reset at each day ("0 0 * * *")', $pconfig['pppoe_daily'], 'daily'))->displayAsRadio();
$group->add(new Form_MultiCheckbox('pppoe_pr_preset_val', null, 'Reset at each hour ("0 * * * *")', $pconfig['pppoe_hourly'], 'hourly'))->displayAsRadio();
$section->add($group);
if (isset($pconfig['pppid'])) {
$section->addInput(new Form_StaticText('Advanced and MLPPP', '<a href="/interfaces_ppps_edit.php?id=' . htmlspecialchars($pconfig['pppid']) . '" class="navlnk">Click here for additional PPPoE configuration options. Save first if you made changes.</a>'));
} else {
$section->addInput(new Form_StaticText('Advanced and MLPPP', '<a href="/interfaces_ppps_edit.php" class="navlnk">Click here for additional PPPoE configuration options and for MLPPP configuration.</a>'));
}
$form->add($section);
// PPTP & L2TP Configuration section
$section = new Form_Section('PPTP/L2TP Configuration');
$section->addClass('pptp');
$section->addInput(new Form_Input('pptp_username', 'Username', 'text', $pconfig['pptp_username']));
$section->addInput(new Form_Input('pptp_password', 'Password', 'password', $pconfig['pptp_password']));
$section->addInput(new Form_IpAddress('pptp_local0', 'Local IP address', $pconfig['pptp_localip'][0]))->addMask('pptp_subnet0', $pconfig['pptp_subnet'][0]);
$section->addInput(new Form_IpAddress('pptp_remote0', 'Remote IP address', $pconfig['pptp_remote'][0]));
$section->addInput(new Form_Checkbox('pptp_dialondemand', 'Dial on demand', 'Enable Dial-On-Demand mode ', $pconfig['pptp_dialondemand'], 'enable'))->setHelp('This option causes the interface to operate in dial-on-demand mode, allowing you to have a virtual full time connection. ' . 'The interface is configured, but the actual connection of the link is delayed until qualifying outgoing traffic is detected.');
$section->addInput(new Form_Input('pptp_idletimeout', 'Idle timeout (seconds)', 'number', $pconfig['pptp_idletimeout'], [min => 0]))->setHelp('If no qualifying outgoing packets are transmitted for the specified number of seconds, the connection is brought down. ' . 'An idle timeout of zero disables this feature.');
if (isset($pconfig['pppid'])) {
if (isset($pconfig['pptp_localip'][1]) || isset($pconfig['pptp_subnet'][1]) || isset($pconfig['pptp_remote'][1])) {
$mlppp_text = gettext("There are additional Local and Remote IP addresses defined for MLPPP.") . "<br />";
} else {
$mlppp_text = "";
}
$section->addInput(new Form_StaticText('Advanced and MLPPP', $mlppp_text . '<a href="/interfaces_ppps_edit.php?id=' . htmlspecialchars($pconfig['pppid']) . '" class="navlnk">Click here for additional PPTP and L2TP configuration options. Save first if you made changes.</a>'));
} else {
$section->addInput(new Form_StaticText('Advanced and MLPPP', '<a href="/interfaces_ppps_edit.php" class="navlnk">Click here for additional PPTP and L2TP configuration options.</a>'));
display_top_tabs($tab_array);
if ($act == "new" || $act == gettext("Save") || $input_errors) {
if (!isset($id)) {
$form = new Form();
$section = new Form_Section('Create new revocation list');
$section->addInput(new Form_Select('method', 'Method', $pconfig['method'], build_method_list()));
}
$section->addInput(new Form_Input('descr', 'Descriptive name', 'text', $pconfig['descr']));
$section->addInput(new Form_Select('caref', 'Certificate Authority', $pconfig['caref'], build_ca_list()));
$form->add($section);
$section = new Form_Section('Existing Certificate Revocation List');
$section->addClass('existing');
$section->addInput(new Form_Textarea('crltext', 'CRL data', $pconfig['crltext']))->setHelp('Paste a Certificate Revocation List in X.509 CRL format here.');
$form->add($section);
$section = new Form_Section('Internal Certificate Revocation List');
$section->addClass('internal');
$section->addInput(new Form_Input('lifetime', 'Lifetime (Days)', 'number', $pconfig['lifetime'], [max => '9999']));
$section->addInput(new Form_Input('serial', 'Serial', 'number', $pconfig['serial'], [min => '0', max => '9999']));
$form->add($section);
if (isset($id) && $thiscrl) {
$section->addInput(new Form_Input('id', null, 'hidden', $id));
}
print $form;
} elseif ($act == "editimported") {
$form = new Form();
$section = new Form_Section('Edit Imported Certificate Revocation List');
$section->addInput(new Form_Input('descr', 'Descriptive name', 'text', $pconfig['descr']));
$section->addInput(new Form_Textarea('crltext', 'CRL data', $pconfig['crltext']))->setHelp('Paste a Certificate Revocation List in X.509 CRL format here.');
$section->addInput(new Form_Input('id', null, 'hidden', $id));
$section->addInput(new Form_Input('act', null, 'hidden', 'editimported'));
$form->add($section);
